CISA Warns of MongoDB Server Vulnerability (CVE-2025-14847) Exploited in Attacks


CISA has added a critical MongoDB Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in cyberattacks.

CVE-2025-14847 affects MongoDB Server and allows unauthenticated attackers to read uninitialized heap memory due to an inconsistency in the handling of the length parameter in Zlib-compressed protocol headers.

| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-14847 |
| Affected Product | MongoDB and MongoDB Server |
| Vulnerability Type | Improper Handling of Length Parameter Inconsistency |
| Related CWE | CWE-130 |
| Attack Vector | Unauthenticated client access |
| Impact | Read uninitialized heap memory |

The vulnerability poses a significant risk as it requires no authentication, enabling remote attackers to access sensitive data stored in memory without valid credentials.

CISA added the vulnerability to the KEV catalog on December 29, 2025, confirming active exploitation in the wild.

Federal agencies have until January 19, 2026, to implement mitigations or discontinue use of affected products, per the agency’s Binding Operational Directive (BOD) 22-01.

Organizations using MongoDB Server should immediately apply the security patches provided by MongoDB to address this vulnerability.


The flaw is classified under CWE-130 (Improper Handling of Length Parameter Inconsistency), a weakness that can lead to memory corruption and information disclosure.
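
To make the CWE-130 weakness class concrete, the added example below (not MongoDB's code, and not taken from the advisory) decodes a zlib-compressed frame twice: once trusting the length declared in the header, once verifying it against what was actually decompressed. The frame layout, the buffer contents and every name in it are assumptions made for illustration; it does not model MongoDB's wire protocol.

```python
import struct
import zlib

# Hypothetical frame for this example (NOT MongoDB's wire format):
#   uint32 little-endian declared_len | zlib stream
HEADER = struct.Struct("<I")
MAX_DECLARED = 1 << 20  # assumed upper bound on a decoded message

# Constructed sample data: a pooled buffer still holding an earlier message.
STALE = b"leftover bytes from an earlier request.."
MISMATCHED_FRAME = HEADER.pack(32) + zlib.compress(b"ping")  # claims 32, holds 4
HONEST_FRAME = HEADER.pack(4) + zlib.compress(b"ping")


class FrameError(ValueError):
    """Raised when a frame's header and body disagree."""


def unsafe_decode(frame: bytes, scratch: bytearray) -> bytes:
    """CWE-130 pattern: returns declared_len bytes, not what was decoded."""
    (declared,) = HEADER.unpack_from(frame)
    data = zlib.decompress(frame[HEADER.size:])
    scratch[:len(data)] = data
    return bytes(scratch[:declared])  # tail past len(data) is old buffer content


def safe_decode(frame: bytes, scratch: bytearray) -> bytes:
    """Bound the declared length, cap inflation, and require an exact match."""
    if len(frame) < HEADER.size:
        raise FrameError("truncated header")
    (declared,) = HEADER.unpack_from(frame)
    if declared > min(MAX_DECLARED, len(scratch)):
        raise FrameError("declared length exceeds limit")
    inflater = zlib.decompressobj()
    try:
        # declared + 1 caps the output yet still exposes an over-long stream
        data = inflater.decompress(frame[HEADER.size:], declared + 1)
    except zlib.error as exc:
        raise FrameError("invalid zlib stream") from exc
    if len(data) != declared or not inflater.eof or inflater.unused_data:
        raise FrameError("declared and actual lengths differ")
    scratch[:declared] = data
    return bytes(scratch[:declared])
```

The hardened decoder rejects the frame before writing to the buffer, so a rejected message leaves no partial state behind and the rejection itself is an event worth logging.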

While it remains unknown whether CVE-2025-14847 has been used in ransomware campaigns, the active exploitation makes it a priority for security teams.

CISA recommends that organizations apply vendor patches, follow BOD 22-01 guidance for cloud services, or discontinue product use if mitigations are unavailable.

The vulnerability’s inclusion in the KEV catalog signals that threat actors are actively targeting MongoDB deployments.

Security experts warn that unpatched servers could allow attackers to extract sensitive information from memory, potentially leading to data breaches or further compromise of enterprise networks.

Organizations should prioritize patching MongoDB servers and monitoring for suspicious activity related to this vulnerability.
